Apple’s Shoddy QA Strikes Again As They Accidentally Put Every iDevice On The Planet In Danger Of Pwnage

I’ve been saying for a couple of years now that Apple’s QA is an #EpicFail as we’ve seen example after example after example of high profile bugs with significant security impacts make it into the hands of the public. And this past weekend we saw the worst example of this take place.

It appears that when Apple released iOS 12.4, Apple somehow unpatched a fix that they made in iOS 12.3 that now makes it possible for one of the few, if not only times that I can remember to jailbreak the current version of iOS. While this does allow one to install any piece of software that they want and customize an iDevice any way they want, it also opens up a massive security nightmare. Apps, even ones that are on the App Store could contain malicious code that could allow an evil doer to do anything from steal data to take over the device remotely. The possibilities are endless on that front and it puts any iDevice on the planet in danger. What’s worse is that a hacker named @Pwn2Owned has released the jailbreak to the public. Making this quite literally a copy and paste exercise for anyone who wants to do bad things to iOS users. And in the process this ups the danger level substantially.

So how do you protect yourself from this? Well, you really can’t fully protect yourself? You could avoid downloading ANY application from any source including the App Store as any app could contain attack code. But that isn’t good enough. A threat actor could set up or compromise a webpage to detect an iOS device and download the attack code to it for example. And there would be no way for you to stop it. Thus you’re pretty much at the mercy of Apple to fix this quickly. It was hoped that since this went public on the weekend, and Apple already had the solution in hand, a fix would be out on Monday. But that didn’t happen which means that users remain unprotected.

The question is, how could a trillion dollar company let this happen? Apple isn’t saying anything, but it’s clear that the problems that I have highlighted are still present and either they are so systemic that Apple is having difficultly fixing them, or Apple for whatever reason won’t fix them. Either way that’s a huge problem for a company that is known for privacy and security. In fact, it makes Apple look like amateurs as these sorts of high profile security issues keep happening.

Apple really needs to wake up and smell the coffee. They have serious issues in their quality control processes. They need to fix those issues. And those fixes need to happen now. Perhaps using the methods that I describe here. Because as it stands, Apple is a joke because their marketing which touts how secure their products are, and the actual security of their products aren’t in sync. And that means that they forfeit the high ground on the security front.

Advertisements

One Response to “Apple’s Shoddy QA Strikes Again As They Accidentally Put Every iDevice On The Planet In Danger Of Pwnage”

  1. […] Apple released iOS 12.4.1 which was meant to patch the vulnerability that they accidentally unpached when they released iOS 12.4. If you have an iDevice, you should go download it now. Really. You should do it right now. The […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: